  1. OASIS Open Document Format for Office Applications (OpenDocument) TC
  2. OFFICE-3869

PAS Comment JP5: Clarify relationship between digital signature and encryption

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2
    • Fix Version/s: ODF 1.3
    • Labels:
      None
    • Proposal:

      proposal for our response to this ODF 1.2 PAS Submission comment:

      We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures.
      We suggest to replace the last two paragraphs of section 5.2 in Part 3 by:
      "If a digital signature file is not encrypted, each encrypted file referenced by <ds:Reference> elements shall be signed in its encrypted form."
      and
      "If a digital signature file is encrypted, then the files referenced by <ds:Reference> elements shall be signed in their decrypted forms."
      We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content:
      "An OpenDocument Package Producer that both encrypts files in the package and applies digital signatures to files in the package should either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or first apply the digital signatures and then encrypt.
      If the encryption of the files is done first, the digital signatures files shall not be encrypted.
      If the files in the package are encrypted after applying the digital signatures, the digital signature files shall be encrypted.
      See also section 5.2.
      Note: It is current practice to first encrypt and then apply the digital signatures."

    • Resolution:

      our response to this ODF 1.2 PAS Submission comment:

      We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures.
      We suggest to replace the last two paragraphs of section 5.2 in Part 3 by:
      "If a digital signature file is not encrypted, each encrypted file referenced by <ds:Reference> elements shall be signed in its encrypted form."
      and
      "If a digital signature file is encrypted, then the files referenced by <ds:Reference> elements shall be signed in their decrypted forms."
      We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content:
      "An OpenDocument Package Producer that both encrypts files in the package and applies digital signatures to files in the package should either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or first apply the digital signatures and then encrypt.
      If the encryption of the files is done first, the digital signatures files shall not be encrypted.
      If the files in the package are encrypted after applying the digital signatures, the digital signature files shall be encrypted.
      See also section 5.2.
      Note: It is current practice to first encrypt and then apply the digital signatures."


      Description

      Comment logged by national body during the ODF 1.2 PAS process, to be addressed at Ballot Resolution Meeting.

      Nature of defect: Technical

      Original text of NB comment: Relations between the digital signature and encryption are not clear. Specify the relations.
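
      The rule in the resolution above, sketched from a verifier's side as an added example (not part of the issue or of any ODF implementation): given a package manifest and the signature file's XML, it reports which form of each referenced file the digest covers. It assumes an encrypted signature file is marked in the manifest by a `manifest:encryption-data` child like any other encrypted file, that the signature file is `META-INF/documentsignatures.xml`, and that the caller has already decrypted the signature XML if needed; the sample data is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

MANIFEST_NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SIG_PATH = "META-INF/documentsignatures.xml"  # assumed signature file name

def encrypted_paths(manifest_xml):
    """Paths whose manifest:file-entry carries a manifest:encryption-data child."""
    root = ET.fromstring(manifest_xml)
    return {
        entry.get(f"{{{MANIFEST_NS}}}full-path")
        for entry in root.iter(f"{{{MANIFEST_NS}}}file-entry")
        if entry.find(f"{{{MANIFEST_NS}}}encryption-data") is not None
    }

def digest_forms(manifest_xml, signature_xml, sig_path=SIG_PATH):
    """Map each file named by a ds:Reference to the form its digest covers.

    signature_xml is the signature file's XML, already decrypted if needed.
    """
    encrypted = encrypted_paths(manifest_xml)
    sig_is_encrypted = sig_path in encrypted
    forms = {}
    for ref in ET.fromstring(signature_xml).iter(f"{{{DSIG_NS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri or uri.startswith("#"):
            continue  # same-document reference, not a package file
        path = unquote(uri)
        if path not in encrypted:
            forms[path] = "stored"      # never encrypted, only one form exists
        elif sig_is_encrypted:
            forms[path] = "decrypted"   # signed first, then encrypted
        else:
            forms[path] = "encrypted"   # encrypted first, then signed
    return forms

# Constructed sample data (encryption parameters and signature values elided).
def sample_manifest(sig_encrypted):
    enc = "<manifest:encryption-data/>"
    sig = (f'<manifest:file-entry manifest:full-path="{SIG_PATH}">{enc}</manifest:file-entry>'
           if sig_encrypted else "")
    return (f'<manifest:manifest xmlns:manifest="{MANIFEST_NS}">'
            f'<manifest:file-entry manifest:full-path="content.xml">{enc}</manifest:file-entry>'
            '<manifest:file-entry manifest:full-path="meta.xml"/>'
            f'{sig}</manifest:manifest>')

SIGNATURE = (f'<ds:Signature xmlns:ds="{DSIG_NS}"><ds:SignedInfo>'
             '<ds:Reference URI="content.xml"/><ds:Reference URI="meta.xml"/>'
             '<ds:Reference URI="#ID_0"/></ds:SignedInfo></ds:Signature>')
```

      A verifier that hashes the wrong form of `content.xml` gets a digest mismatch on an untampered package, so the encryption state of the signature file has to be checked before any reference is digested.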

            People

            • Assignee:
              rcweir Robert Weir (Inactive)
              Reporter:
              chris.rae Chris Rae (Inactive)